Générateur de dorks personnel
Google, Bing, Yahoo dorks
Il s'agit des méthodes de recherches avancés des moteurs de recherches, en utilisant certaines fonctionnalité des moteurs de recherche que nous utilisons, nous somme parfois capable de retrouver du contenu sensible exposé sur internet.
Exemple de google dorks:
Copier site:*target.com
site:*.*.target.com
site:*.*.*.target.com
site:*target.com filetype:pdf
site:target.* inurl:/admin
site:target.com intext:"index of /"
site:*target.com inurl:"/content/dam"
site:*target.com intitle:"index of" "docker-compose.yml"
site:*target.com intitle:"index of"|"access_token.json"
site:*target.com intitle:"index of" "config.json"
site:*target.com intitle:"index of" "service-Account-Credentials.json" | "creds.json"
site:*target.com intitle:"index of" "db.json"
site:*target.com intitle:"index of" "credentials.json"
site:*target.com intitle:"index of" "awsconfig.json"
site:*target.com filetype:csv admin
site:codepad.co "company"
site:scribd.com "company"
site:npmjs.com "company"
site:npm.runkit.com "company"
site:libraries.co "company"
site:ycombinator.com "company"
site:coggle.it "company"
site:papaly.com "company"
site:google.com "compagny"
site:trello.com "company"
site:prezi.com "company"
site:jsdelivr.net "company"
site:codepen.io "company"
site:codeshare.io "company"
site:sharecode.io "company"
site:pastebin.com "company"
site:repl.it "company"
site:gitter.im "company"
site:bitbucket.org "company"
site:zoom.us "company"
site:atlassian.com "company"
site:s3.amazonaws.com inurl:"company"
site:storage.googleapis.com "http://target.com"
inurl:gitlab "company"
intext:"index of" /etc/passwd
intext:"index of" /etc/shadow
"index.of" id_rsa inurl:target
"index.of" private.key inurl:target
"© target 20XX"
"© 20XX target"
inurl:ftp inurl:(http|https) "target" filetype:pdf
... AWS S3 buckets
Copier inurl:s3.amazonaws.com/legacy/
inurl:s3.amazonaws.com/uploads/
inurl:s3.amazonaws.com/backup/
inurl:s3.amazonaws.com/mp3/
inurl:s3.amazonaws.com/movie/
inurl:s3.amazonaws.com/video/
... Autres stockages cloud
Copier site:http://blob.core.windows.net "target.com"
site:http://googleapis.com "target.com"
site:http://drive.google.com "target.com"
site:dropbox.com/s "target.com"
site:box.com/s "target.com"
site:docs.google.com inurl:"/d/" "target.com" Documentation API
Copier inurl:/swagger-ui.html -github -gitlab -reddit -stackoverflow -medium
inurl:/api/swagger -github -gitlab -reddit -stackoverflow -medium
inurl:/api/v1/docs | inurl:/api/v2/docs | inurl:/api/v3/docs
inurl:/api/apidocs CMS
Copier #Drupal
intext:"Powered by Drupal" inurl:"/node/1" -drupal.com -drupal.org -github
inurl:"sites/all/modules/ckeditor" -drupalcode.org
#WordPress
intext:"Index" inurl:"wp-" -wordpress.org -stackexchange -github
inurl:"/wp-json/wp/v2/users/" "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
inurl:"/wp-content/uploads"
inurl:"wp-register.php" -wordpress.com -wordpress.org -github
intitle:"index of" "wp-config.php.bak"
#Joomla
inurl:"/libraries/joomla/database/" Frameworks
Copier #Symfony
intitle:"index of" "symfony/config"
inurl:"_fragment" | inurl:"_profiler"
inurl:"_profiler/phpinfo"
inurl:"_profiler/open"
#Ruby on rails
inurl:"index.rb"
inurl:"/config/database.yml"
inurl:"/config/initializers/secret_token.rb"
inurl:"/db/seeds.rb"
inurl:"/db/development.sqlite3" Git exposé
Copier “index of” inurl:.git
intitle:"index of" .git/hooks/
filetype:git Cache
Voir version de site web en cache:
Copier cache:exemple.com/blabla Monitoring
Il est également possible de recevoir des alertes à chaque nouveau résultat pour une recherche donnée avec google.
0xdork
0xdork est un outil de google dorking très simple et léger écrit en python.
Exemple d'utilisation:
$ ./oxdork -q site:*.target.com -c 30
Katana
Katana est un autre outil permettant de récupérer les réponse à une google dork.
Exemple d'utilisation:
$ python3 kds.py -g
ressources:
